hans/Nominatim
1
0
Fork 1
mirror of https://github.com/osm-search/Nominatim.git synced 2026-02-14 01:47:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix SQL injection in truncate_data_tables

Browse Source 
Signed-off-by: remo-lab <remopanda7@gmail.com>
This commit is contained in:
remo-lab
2026-02-05 17:04:10 +05:30
parent 8188689765
commit ae7301921a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nominatim_db/tools/database_import.py
View File

@@ -195,7 +195,7 @@ def truncate_data_tables(conn: Connection) -> None:
WHERE tablename LIKE 'location_road_%'""")
for table in [r[0] for r in list(cur)]:
cur.execute('TRUNCATE ' + table)
cur.execute(pysql.SQL('TRUNCATE {}').format(pysql.Identifier(table)))
conn.commit()